Splunk Updates Enterprise Security, User Behavior Analytics Platforms

The new releases of Splunk's Enterprise Security and User Behavior Analytics platforms are aimed at providing improved operational intelligence.

Splunk announced the latest versions of its security technologies on Sept. 27 during the company's .conf2016 event. Among the updated releases are Splunk Enterprise Security (ES) 4.5 and Splunk User Behavior Analytics (UBA) 3.0. The new releases are designed to make it easier for enterprises to collect and identify potential security risks and incidents.
"We're continuing to take a very analytics-driven approach to security," Haiyan Song, senior vice president of security markets at Splunk, told eWEEK.
The Splunk ES product is a security information and event management (SIEM) platform that can help organizations derive insights collected from log, endpoint and network information. Among the new features in ES 4.5 is a capability the company is calling a "Glass Tables" view for improved data visualization. The Glass Tables technology originated in the Splunk IT Service Intelligence platform as a way to enable organizations to generate multi-layer views of services and operations.
"Glass Tables really gives the business users that don't want to get into the bits an at-a-glance view to understand the key metrics," Song said.

The Splunk UBA product came to the company by way of the $190 million acquisition of behavioral analytics vendor Caspida in July 2015. In a video interview with eWEEK in 2015, Muddu Sudhakar, former CEO of Caspida, explained that in order to do behavioral analytics, there needs to be data, which is what Splunk's platform provides. Since the acquisition, Splunk has enhanced the Caspida technology.

"When Caspida was acquired, it was a small startup, and we had to elevate the enterprise readiness of the product," Song said.
In the last year, Splunk has been working on improving scalability and reliability. The Splunk UBA 3.0 release continues to improve upon the technology with additional integrations and the ability to be updated quicker than before. Song said that there is a need to rapidly update UBA with new content more often than a typical enterprise will want to update the underlying software. To that end, UBA 3.0 now separates out the content—that is, the behavioral and policy models—from the underlying platform. The content can now be iterated more rapidly via a subscription-based model that provides regular updates.
"The content piece includes things that people can author without needing to have a developer change the product," Song explained.
Items that can be authored include new detection rules as well as data connectors; that said, the new content piece of UBA 3.0 does not currently enable a user to author a new user behavior detection algorithm, though Song said that could be part of a future update, Song said.
"We want to help customers to build a security nerve center, and Splunk can be a big piece of that," Song said. You will see us adding automation and integration, and we'll continue to tighten up the integration between ES and UBA."
One example is that UBA today has the capability to understand and correlate user sessions across multiple devices; that same user context can be helpful for security investigation conducted using ES, Song said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.